Pear_Auth_LDAP with TLS. A working example

If you have ever struggled with PEAR Auth and its LDAP plugin (PHP) against an LDAP server protected by TLS, here is a working example.

First, it's wise to check that the system is correctly configured to connect to an LDAP server.

This short snippet helps:

$ldap = "ldaps://example.com:PORT";
$usr = "cn=admin,dc=example,dc=com";
$pwd = "PASSWORD";

$ds = ldap_connect($ldap);
$ldapbind = false;
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
  if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))
    // if (ldap_start_tls($ds)) -- you can try this, but it will probably fail saying
    // that TLS can't be started (an ldaps:// connection is already TLS). Not a big deal.
    $ldapbind = @ldap_bind($ds, $usr, $pwd);
ldap_close($ds);

echo $ldapbind ? "OK" : "ERROR";

If you get "ERROR", there is probably something wrong somewhere in your system.

If you get "OK", let's move on to the working example for PEAR Auth.

Pear_Auth_LDAP manual

To make it short, forget about the host, port and start_tls parameters. I wasted a lot of time 'cause of them. Use just these:

url = "ldaps://example.com:PORT"
version = 3
binddn = "cn=admin,dc=example,dc=com"
bindpw = "PASSWORD"
referrals = "true"
basedn = "ou=users,o=company,dc=example,dc=com"
userattr = "uid"
userscope = "one"
userfilter = "(objectClass=inetOrgPerson)"
enableLogging = "true"
debug = "true"
attrformat = "LDAP"

Don't forget to set the userfilter parameter!!
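
The settings above wired into PEAR Auth, as an added example that is not code from the original post. The helper check_ldaps_options() and the callback name login_form are hypothetical; PORT, PASSWORD and the DNs are the page's placeholders and must be replaced.

```php
<?php
require_once 'Auth.php'; // PEAR Auth package
// Same options as listed above; booleans are used instead of the "true" strings.
$options = array(
    'url'           => 'ldaps://example.com:PORT',
    'version'       => 3,
    'binddn'        => 'cn=admin,dc=example,dc=com',
    'bindpw'        => 'PASSWORD',
    'referrals'     => true,
    'basedn'        => 'ou=users,o=company,dc=example,dc=com',
    'userattr'      => 'uid',
    'userscope'     => 'one',
    'userfilter'    => '(objectClass=inetOrgPerson)',
    'enableLogging' => true,
    'debug'         => true, // verbose; intended for troubleshooting
    'attrformat'    => 'LDAP',
);

// Hypothetical helper: returns a list of problems, empty when the options
// follow the advice above (ldaps:// url only, protocol 3, userfilter set).
function check_ldaps_options($o) {
    $problems = array();
    if (!isset($o['url']) || stripos($o['url'], 'ldaps://') !== 0) {
        $problems[] = 'url must start with ldaps://';
    }
    foreach (array('host', 'port', 'start_tls') as $key) {
        if (array_key_exists($key, $o)) {
            $problems[] = "remove '$key' and rely on the ldaps:// url alone";
        }
    }
    if (!isset($o['version']) || (int) $o['version'] !== 3) {
        $problems[] = 'version must be 3';
    }
    if (empty($o['userfilter'])) {
        $problems[] = 'userfilter is not set';
    }
    return $problems;
}

// Login form callback in the shape PEAR Auth calls it.
function login_form($username = null, $status = null, &$auth = null) {
    echo '<form method="post"><input name="username">'
       . '<input type="password" name="password"><input type="submit"></form>';
}

if ($problems = check_ldaps_options($options)) {
    exit("LDAP options rejected:\n - " . implode("\n - ", $problems) . "\n");
}
$auth = new Auth('LDAP', $options, 'login_form');
$auth->start();
if ($auth->checkAuth()) {
    echo 'Logged in as ' . htmlspecialchars($auth->getUsername());
}
```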

This Work, Pear_Auth_LDAP with TLS. A working example, by dam is licensed under a Creative Commons Public Domain license.